Hello izzy,

On Sat, May 10, 2025 at 09:53:20AM -0500, izzy Meyer wrote:
> Hello ports@
> 
> In a previous mail, I got x11/emwm-utils to work with authenticate(3).
> In this diff, I set the SHUTDOWN_CMD, REBOOT_CMD, and SUSPEND_CMD
> correctly, as well as enable unprivileged access to these commands. I
> bumped REVISION as well. Hopefully the pkg-readme is correctly phrased?
> 
> Tested on amd64 and arm64. 
> 
> CC: Lucas Gabriel Vuotto

ftr, I'm not an user of this software.

> diff --git a/x11/emwm-utils/Makefile b/x11/emwm-utils/Makefile
> index 0d8b6ba9f61..62e4397077a 100644
> --- a/x11/emwm-utils/Makefile
> +++ b/x11/emwm-utils/Makefile
> @@ -3,6 +3,7 @@ COMMENT =	session manager and a toolchest-like application launcher
>  V =		1.3
>  DISTNAME =	emwm-utils-src-${V}
>  PKGNAME =	emwm-utils-${V}
> +REVISION =	0
>  
>  CATEGORIES =	x11
>  HOMEPAGE =	https://fastestcode.org/emwm.html
> @@ -19,8 +20,13 @@ WANTLIB += X11 Xinerama Xm Xrandr Xss Xt c
>  
>  LIB_DEPENDS =	x11/motif
>  
> +MAKE_ENV =	REBOOT_CMD="/sbin/shutdown -r now" \
> +		SHUTDOWN_CMD="/sbin/shutdown -p now" \
> +		SUSPEND_CMD="/usr/sbin/zzz"
> +
>  MAKE_FLAGS =	RCDIR=${PREFIX}/lib/X11 \
> -		CFLAGS="${CFLAGS} -I./Xm -I${X11BASE}/include -I${LOCALBASE}/include"
> +		CFLAGS="${CFLAGS} -DUNPRIVILEGED_SHUTDOWN \
> +			-I./Xm -I${X11BASE}/include -I${LOCALBASE}/include"

I don't get how this works. MAKE_ENV works like running `env -i
${MAKE_ENV} ... ${MAKE} ...`; it adds variable to the environment in
which make (in this case) is then executed. The way this software gets
those *_CMD configured is by preprocessor definitions. You'd need to add
-DREBOOT_CMD=... to CFLAGS for it to work.

Nevertheless, src/smconf.h defines the right binaries for us if none
were given as a preprocessor macro; I guess that's why this is working?
I don't believe setting MAKE_ENV is necessary, nor defining your own
*_CMD.

Adding -DUNPRIVILEGED_SHUTDOWN seems correct.

>  FAKE_FLAGS =	PREFIX=${WRKINST}${PREFIX} \
>  		APPLRESDIR=${WRKINST}${PREFIX}/lib/X11/app-defaults \
> diff --git a/x11/emwm-utils/pkg/PLIST b/x11/emwm-utils/pkg/PLIST
> index 763b5a0e51f..36f96dc0494 100644
> --- a/x11/emwm-utils/pkg/PLIST
> +++ b/x11/emwm-utils/pkg/PLIST
> @@ -10,3 +10,4 @@ lib/X11/app-defaults/XmToolbox
>  lib/X11/toolboxrc
>  @man man/man1/xmsm.1
>  @man man/man1/xmtoolbox.1
> +share/doc/pkg-readmes/${PKGSTEM}
> diff --git a/x11/emwm-utils/pkg/README b/x11/emwm-utils/pkg/README
> new file mode 100644
> index 00000000000..33648b63b53
> --- /dev/null
> +++ b/x11/emwm-utils/pkg/README
> @@ -0,0 +1,11 @@
> ++-------------------------------------------------------------------------------
> +| Running ${PKGSTEM} on OpenBSD
> ++-------------------------------------------------------------------------------
> +
> +This package is not installed with SUID root. You can ignore any warnings about
> +Lacking SUID root.
> +
> +- To enable shutdown/reboot access, the user should be in the _shutdown group.

This is correct.

> +- To enable suspend access, the user should be in the operator group.

This isn't. /usr/sbin/zzz is a hardlink to apm(8), which communicates
with apmd(8). If apmd isn't running, apm (and hence zzz) won't work.
apm(8) states

FILES
     /var/run/apmdev  The default UNIX-domain socket for communicating with
                      apmd(8).  The -f flag may be used to specify an
                      alternate socket name.  The protection modes on this
                      socket govern which users may access the APM functions.

In my machine(tm), that file is 660 root:wheel. Those permissions are
set when apmd creates the socket.

> +
> +Use usermod(8) to add your user to these groups.